Trust No Program

Flash Player Installer avoids having [#] when sandboxed

Please post your problem description here

Flash Player Installer avoids having [#] when sandboxed

Postby Anonymouse » Thu Sep 13, 2012 8:53 am

Sandboxie 3.74 on Windows 7 (x64)

Download the Flash Player Installer from http://get.adobe.com/flashplayer/downlo ... ffer=false

Make a sandbox that has the [#] indicators in the title.
Run the Flash Player Installer inside the Sandbox.
The Flash Player Installer won't have the [#] indicators.
Also, the Flash Player Installer manages to move itself to the Temp folder.
Anonymouse
 

Postby Brummelchen » Thu Sep 13, 2012 2:16 pm

some installers dont show that although sandboxed - return to common use...
-------------------------------------
you can not buy or install security!
Brummelchen
 
Posts: 308
Joined: Mon Oct 13, 2008 2:13 am

Re: Flash Player Installer avoids having [#] when sandboxed

Postby DR_LaRRY_PEpPeR » Thu Sep 13, 2012 5:12 pm

Anonymouse wrote:The Flash Player Installer won't have the [#] indicators.


What Brummelchen said. Depending how it's creating its title bar, etc. (custom or non-standard). I notice that with QuickTime, for example.


Also, the Flash Player Installer manages to move itself to the Temp folder.


Yeah, anything can put anything in the Temp folder. %TEMP% and %TMP% seem to be Direct Access in Sandboxie no matter what.
DR_LaRRY_PEpPeR
 
Posts: 284
Joined: Wed Jul 04, 2012 11:40 pm
Location: St. Louis area

Re: Flash Player Installer avoids having [#] when sandboxed

Postby Guest10 » Thu Sep 13, 2012 7:21 pm

DR_LaRRY_PEpPeR wrote:Yeah, anything can put anything in the Temp folder. %TEMP% and %TMP% seem to be Direct Access in Sandboxie no matter what.
Since when? I don't see it.
Paul
XP Pro SP3 (Admin), Zone Alarm Pro Firewall, Malwarebytes Pro, Firefox 32, Thunderbird 31.
Sandboxie user since March 2007.
Guest10
 
Posts: 4856
Joined: Sun Apr 27, 2008 10:24 pm
Location: Ohio, USA

Postby DR_LaRRY_PEpPeR » Thu Sep 13, 2012 8:00 pm

Don't "see" it, literally, in Direct Access you mean? I didn't mean that. :) I meant that it seems to be a default "hidden" OpenFilePath internally. (And since I started using it, which isn't long ago. :lol:)


I don't really like it. Especially that files there don't count as "in the sandbox" when using Start/Run Access (for me: *.exe or *.*). Put something there and it can be started... In my case, I'll just assume SRP isn't bypassed and processes running without admin privs can't run anything from there anyway. :D (Even though I'm using XP as admin, I'm using a little trick with registry permissions to get 2 sets of SRP rules; everything allowed as true admin.)

I already don't like how Sandboxie allows otherwise protected files (in Windows and Program Files) to be modified in the sandbox, therefore weakening things a bit from inside a sandbox. Start/Run Access doesn't solve anything for DLLs... :x
DR_LaRRY_PEpPeR
 
Posts: 284
Joined: Wed Jul 04, 2012 11:40 pm
Location: St. Louis area

Postby tzuk » Fri Sep 14, 2012 11:09 am

What are you talking about. :?:
%TEMP% and %TMP% are not built-in exclusions. :!:
tzuk
tzuk
Site Admin
 
Posts: 16076
Joined: Tue Jun 22, 2004 5:57 pm

Postby DR_LaRRY_PEpPeR » Fri Sep 14, 2012 11:22 am

Untouched DefaultBox with default settings... Run Explorer in it and put something in the Temp folder. It's on the real system, not in the sandbox. I don't think I ever remember seeing the Temp folder in any sandbox when browsing contents, but not certain. I assumed the OP is getting the same behavior.

I've never used the default Temp locations, if that would make a difference. I have User and System %TEMP% and %TMP% all set to D:\Temp
DR_LaRRY_PEpPeR
 
Posts: 284
Joined: Wed Jul 04, 2012 11:40 pm
Location: St. Louis area

Postby tzuk » Fri Sep 14, 2012 11:37 am

No, I don't see this. Maybe you have some template that gives access to D:\Temp ? Perhaps due to something in your Applications > Folders settings page? One more thing I can think about, if your print spooler directory was set to D:\Temp.
tzuk
tzuk
Site Admin
 
Posts: 16076
Joined: Tue Jun 22, 2004 5:57 pm

Postby DR_LaRRY_PEpPeR » Fri Sep 14, 2012 12:20 pm

No, no Templates. But I guess you nailed it, thanks! I do have the print spool set to the same folder. :o So the print spool directory is a built-in exclusion? What, do programs that print need to write to that folder which is then used by the Print Spooler service? (Ahh yes, I guess that's how it works. I see the default system32\spool\PRINTERS allows the Users group to Create Files.)

I guess putting a spool folder under Temp will take care of that. Thanks again and sorry for the hijack. :)
XP Home-as-Pro SP3 (Admin) w/ continued updates (Embedded/POSReady 2009)
> Permissions + "2-level" SRP, latest Sandboxie (Pro/registered), EMET 4, no anti-anything (ever)
Did I make tzuk crazed... in his last days? :o
DR_LaRRY_PEpPeR
 
Posts: 284
Joined: Wed Jul 04, 2012 11:40 pm
Location: St. Louis area


Return to Problem Reports

Who is online

Users browsing this forum: Der Moloch, Google [Bot] and 3 guests